5 matches found
CVE-2020-26896
Prior to 0.11.0-beta, LND Lightning Network Daemon had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount...
Design/Logic Flaw
Prior to 0.11.0-beta, LND Lightning Network Daemon had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount...
CVE-2020-26896
Prior to 0.11.0-beta, LND Lightning Network Daemon had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount...
CVE-2020-26896
The CVE affects LND (Lightning Network Daemon) prior to version 0.11.0-beta, specifically its invoice database. The root cause is that, when claiming an on-chain HTLC output, LND did not verify that the corresponding off-chain HTLC had already been settled before releasing the preimage. In a hash...
PT-2020-16538 · Lightning Network · Lnd
Name of the Vulnerable Software and Affected Versions: LND Lightning Network Daemon versions prior to 0.11.0-beta Description: The issue concerns a problem in the invoice database where LND failed to verify the settlement of an outgoing off-chain HTLC before releasing the preimage while claiming ...